
open source and cybersecurity news

June 12, 2023

Journalist Impersonation Steals Cryptocurrency, 2023 National Cybersecurity Strategy for Software Developers, First EU AI Legislation in the World, US Targets Investments in China Chip, AI and Quantum Industries


Episode Transcription:

Pokie Huang: 

Hey, it’s 5:05 on Monday, June 12th, 2023. From the Sourced Podcast Network in New York City, this is your host, Pokie Huang. Stories in today’s episode come from Edwin Kwan in Sydney, Australia, Julie Chatman in Washington, DC, Olimpiu Pop in Transylvania, Romania, Katy Craig in San Diego, California, and Marcel Brown in St. Louis, Missouri.

Let’s get to it.

Edwin Kwan: 

This is Edwin Kwan from Sydney, Australia. 

A hacking group known as “Pink Drainer” is currently running a cryptocurrency stealing campaign. They are impersonating journalists in phishing attacks to compromise Discord and Twitter accounts to perform their cryptocurrency stealing attacks. The hacking group impersonates journalists from popular media outlets like Cointelegraph and Decrypt to conduct phony interviews with their victims.

After gaining their victim’s trust, the hacker group informs the victim that they need to do a KYC (Know Your Customer). It’s a form of validation for the victim to prove their identity. The victims are then guided to websites that are used to steal their Discord authentication tokens. 

It is believed that they have successfully compromised around 2000 victims to steal roughly $3 million worth of digital assets. If a journalist approaches you, make sure you validate them first by contacting the media outlet via the details on their official website.

Julie Chatman: 

This is Julie Chatman in Washington DC. 

The 2023 National Cybersecurity Strategy emphasizes the responsibility of software makers to ensure secure software development and calls for stronger security measures throughout the software development lifecycle. In the strategy document, the White House says that vendors neglect secure development practices and ship products with insecure configurations or known vulnerabilities. And that software makers often disclaim liability through contracts.

The strategy aims to change that and hold developers accountable for inadequate security measures. For example, the White House intends to work with Congress to establish legislation that enforces liability for software security. 

To align with the National Cybersecurity Strategy, software makers can adopt a comprehensive DevSecOps approach, integrating security and compliance into the developer experience. They can also help create software inventories and demonstrate trustworthiness through mechanisms like Software Bill of Materials or SBOM, which is a list of ingredients that make up software components that can be used to track updates and known security vulnerabilities. 

Overall, the 2023 National Cybersecurity Strategy emphasizes the importance of secure software development and seeks to create accountability for security failures. It encourages collaboration, automation, and transparency, while seeking to eliminate threats, rebalance responsibilities, and forge partnerships to move the needle on creating a more secure digital ecosystem.

Olimpiu Pop: 

AI, a topic we didn’t speak about in quite some time. You probably didn’t hear anybody speak about it for weeks now. Members of the European Parliament try to endorse rules that aim to make AI systems overseen by humans and promote safety, transparency, traceability, non-discrimination and environmental friendliness. Surprisingly enough, they want a technology neutral definition of AI that applies to today’s and tomorrow’s systems.

Built on a risk-based approach, AI systems that pose an unacceptable risk to human safety are prohibited.

What’s unacceptable? Systems that use manipulative techniques, exploit vulnerabilities, or engage in social scoring. Intrusive and discriminatory uses of AI systems such as real-time biometric identification, predictive policing, and emotional recognition in various contexts fall in the same category, also.

Do you hear that France??? 

The classification of high-risk AI areas includes harm to health, safety, fundamental rights and the environment. AI systems influencing voters in political campaigns and recommender systems on large media platforms were also added to the high-risk list.

Too late for Brexit, unfortunately. 

Transparency measures were introduced for providers of foundation models in AI. Generative foundation models like GPT would need to comply with additional transparency requirements, such as disclosing AI generated content, preventing illegal content generation and publishing summaries of copyrighted data used for training.

Exemptions were included for research activities and AI components provided under open source licenses to support innovation. Regulatory sandboxes were promoted to test AI systems before deployment. MEPs aim to strengthen citizens’ rights by enabling complaints and explanations for decisions made by high risk AI systems.

The role of the EU AI office was reformed to monitor the implementation of the AI rulebook.

And to be in the trend, the summary was generated with the help of ChatGPT. Sarcasm and irony are mine and mine alone. The resources section contains the full text of the draft and the news release. You can find them on 505updates.com.

This was Olimpiu Pop from Transylvania, Romania.

Katy Craig: 

The US is about to implement some serious restrictions on investments in Chinese technology firms working on cutting edge advancements in chips, artificial intelligence, and quantum computing. 

This is Katy Craig in San Diego, California.

In a recent hearing before the Senate Banking Committee, Paul Rosen, a top official at the US Treasury, let slip this significant development. The US government is looking to clamp down on investments that bring not just money, but also critical know-how and expertise to specific sectors, and we’re talking about major sectors here: advanced semiconductors, AI and quantum computing.

Now, why is this happening, you ask? Well, it’s no secret that the US has been particularly concerned about China’s ambitions and its military’s involvement in these cutting edge technologies. The US sees this as a matter of national security, and they’re not taking any chances. 

It’s not just the US going in guns blazing. Even its allies like Japan and the Netherlands have joined the party and agreed to extend similar restrictions against China as part of what is being called the chip war.

As cybersecurity enthusiasts, we must keep a close eye on these developments. The implications of this tech war go far beyond just two nations vying for dominance. It has repercussions for global innovation, security, and even geopolitics. 

This is Katy Craig. Stay safe out there.

Marcel Brown: 

This is Marcel Brown, the most trusted name in technology with your technology history for June 11th and June 12th. 

June 11th, 1978. Texas Instruments Incorporated introduces the Speak and Spell, a talking educational toy for children. The device features the first electronic duplication of the human voice on a single chip of silicon. It transformed digital information processed through a filter into synthetic speech and could store more than 100 seconds of linguistic sounds. 

June 12th, 1967. The Soviet probe, Venera 4, is successfully launched. On October 18th, 1967, it will enter Venus’ atmosphere where it will become the first space probe to successfully return atmospheric data from another planet.

That’s your technology history for today. For more, tune in tomorrow and visit my website ThisDayInTechHistory.com.

Pokie Huang: 

That’s it for today’s open source and cybersecurity updates. For direct links to all stories and resources mentioned in today’s episode, go to 505Updates.com, where you can listen to our growing library of over 100 episodes. You can also download the transcript of all episodes for easy reference.

5:05 is a Sourced Networks Production with updates available Monday through Friday on your favorite audio streaming platform. Just search for “It’s 5:05!”. And please consider subscribing while you’re there. 

Thank you to Edwin Kwan, Julie Chatman, Olimpiu Pop, Katy Craig, and Marcel Brown for today’s contributions.

The Executive Producer and the editor is Mark Miller. The sound engineer is Pokie Huang. Music for today’s episode is by Blue Dot Sessions. We use Descript for spoken text editing and Audacity to layer in the soundscapes. The show distribution platform is provided by Captivate.fm. This is Pokie Huang. See you tomorrow… at 5:05.
